FILE IDENTIFIER

Currently VirusBattle uses SHA1 of a file as its identifier. However,
the specific choice of the identifier is subect to change. In this
discussion we use the term filehash or objID interchangabely to
mean the object identifier used by VirusBattle.

FILE FORMATS SUPPORTED

VirusBattle currently analyzes Windows PE32 executables. Since most
companies and people do not like to have malware executables on their
machines or network, the system allows uploading password protected
zip files as well. Besides zip, the system also accepts tar,
tar.gz, and 7z formats. Other archive formats can be supported on
request to the extent their decompressors are available on Ubuntu
platform.

The system also supports nested archives: exe contained in zip,
contained in tar, contained in of 7z, zip, etc. It can dig deep into
such archives.

VirustBattle can also decrypt password protected archives, either
with the default password infected or using a password provided by
you. The only caveat is that for nested archives all password
protected archives use the same password.

The design of the RESTful API is driven with the goal to support
submission and querying of nested archives. VirusBattle treats nested
archives simlar to nested directories, and provides mechanism to
traverse the hierarchy until you reach the required binary and query
its information. You may also directly access the necessary
information using a binary's (or for that matter any file's) file
identifier.